
An anonymous reader writes "T-Mobile's G1 phone, the first commercially available Android-based phone, has been rooted. The exploit is extremely simple to execute, just requiring you to run telnetd from a terminal on the phone, and then connecting to the phone via telnet."

In related news, researchers have discovered that if you open a root console on any flavour of Linux and stick the keyboard out a window, anyone walking by will be able to gain root access to your machine.

Because telnetd has some tiny fraction of the system overhead of ssh daemons, even "tiny" ones.

CPU usage for an SSH daemon during an interactive session, while it probably is higher than a telnet daemon, is still low enough (0.005% instead of 0.001%, perhaps?) that it'll most likely get lost in the noise. I have dropbear running on a WRT54GL, and it has no trouble keeping up. The trivial CPU usage is worth the added security. It might crunch a bit more during session setup when it's using public-key encr

The "Breaking" part of "Breaking & Entering" refers to breaking the plane of entry, not physically damaging anything.

"Breaking" is not actually a separate action from "Entering". The reason they are used together is for clarity: one word derives from Old English, and the other word derives from French. Writing laws this way was useful when the Normans and Saxons were trying to cohabitate on the same island.

There are many legal terms constructed the same way: null and void, cease and desist, last will and testament, aid and abet, goods and chattels, terms and conditions, etc.

No it doesn't. It meant breaking your way in, just like it sounds. The application of the laws later changed to any forcible entry and finally to even using just the force required to open an unlocked door. Isn't it great how judges can change our laws without rewriting them?! In some states the laws *have* been changed to call any trespass of an enclosed property "breaking and entering". I guess they liked the name. It's kinda cool.

No. Needs citation and permanent link to reputable source. We will then run it past the legal department and conduct a full analysis of all facts and observations and, upon filing the requisite forms, of course, only then will we consider your suggestion of "humor". Please allow the standard six to eight weeks for the laugh.

I dunno. Tech support operators have a hard enough time walking the average person through how to run ipconfig on their Windows PCs. Trying to get the average person to open a terminal in Linux to run anything would be like trying to walk a cow down a flight of stairs.

Guess you didn't actually read the material. This shouldn't work, but somehow a privilege escalation is allowing a non-root user to invoke telnetd and then to connect from outside and actually get a root shell. So the owner of the hardware is able to break into T-Mobile's software. Oh the horror!

So far it is more likely to simply get patched instead of developing into a full jailbreak but stay tuned. The camel's nose has entered the tent, it just might be able t

Sorry, I fail for not RTFA. They are misusing "rooted", which confused me. "rooted" in the popular [geek] vernacular means that a remote non-admin user can gain root access, such as through a buffer overflow exploit. It has nothing to do with the practice of gaining root access on your own devices.

I think they're using it to imply that you're renting access to Google's OS instead of gaining ownership of it, so you're gaining root access against the owner's intent.

No more sizable than on any platform that's remotely "open". If I can install and run unsigned apps, then trojans are a risk. If I can only run signed apps, then the risk is mitigated by exactly the same amount that the signing authority is trustworthy.

Sure you will. I know people are working on it (guess I'm going to be a guinea pig for this again). On most HTC Windows Mobile devices this has been done long ago (and usually takes only a couple of days after a new one comes out).

Not having the signing keys is usually not that much of an issue (just disable the key check).

I've never understood why so many web programmers insist on parsing E-mail addresses; very few are capable of doing it correctly. I usually use splab+someidentification@mydomain.tld - this way I can track where I submitted the address they got - but since programmers insist on parsing the E-mail address, they almost always consider + to be invalid.

You said it yourself - the problem is that they get it wrong, not that they do it. I use a regular expression that checks that it matches the RFC specification. A double hyphen passes, as does an address with a + in it. I confirm the addresses afterward; the validation is just to check that they haven't done anything really stupid, like starting their street address in the "email address" field.

Validation is mostly about helping the user - I can't tell if they've put an incorrect address/email address/name/wha
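The permissive check the comment above describes, as an added example that is not code from the thread: a regex built from the RFC 5322 dot-atom characters (so plus-addressing and double hyphens pass) next to the over-strict pattern that rejects a `+`. Requiring at least one dot in the domain and the RFC 5321 length limits are my assumptions, and the sample inputs are constructed.

```python
import re

# Local part: the RFC 5322 "dot-atom" characters (quoted-string forms are
# deliberately not supported). Note that '+' and '-' are ordinary characters.
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_LOCAL = rf"{_ATEXT}(?:\.{_ATEXT})*"
# Domain: dot-separated labels; hyphens allowed inside a label, not at its ends.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN = rf"{_LABEL}(?:\.{_LABEL})+"   # assumption: at least one dot required
EMAIL_RE = re.compile(rf"{_LOCAL}@{_DOMAIN}")

# The kind of over-strict pattern the thread complains about: '+' is rejected.
NAIVE_RE = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def naive_accepts(addr):
    """What a typical hand-rolled validator does with the address."""
    return NAIVE_RE.fullmatch(addr) is not None


def plausible_email(addr):
    """Syntactic sanity check only; ownership is proven later by a confirmation mail."""
    if len(addr) > 254:                      # RFC 5321 path length limit (assumption)
        return False
    local, sep, _domain = addr.rpartition("@")
    if not sep or len(local) > 64:           # RFC 5321 local-part limit (assumption)
        return False
    return EMAIL_RE.fullmatch(addr) is not None


def classify(addresses):
    """Compare both checks over a list of inputs; returns {addr: (naive, plausible)}."""
    return {a: (naive_accepts(a), plausible_email(a)) for a in addresses}


# Constructed sample inputs: plus-addressing, a double hyphen, a street
# address typed into the wrong field, and a malformed domain label.
SAMPLE = ["splab+someidentification@mydomain.tld", "a--b@my-domain.tld",
          "123 Main Street, Springfield", "user@-bad-.tld"]
```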

I don't understand why placeholder arguments aren't used 100% of the time a string is placed into a SQL query. It's completely baffling. Were that the case, SQL injection attacks would be totally infeasible, excepting even dumber TheDailyWTF-grade scenarios like having clients send SQL to the server. I suspect that PHP doesn't have them (or makes them harder to use), which would explain why it's such a horrible language.

As for validating emails, check that there's at least one @ and that the part after th
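The placeholder argument the comment above argues for, as an added example that is not code from the thread: the same login query written by pasting values into the SQL text and written with bound `?` parameters, run against a constructed in-memory SQLite table so the difference is visible in the rows returned. The table, the user records and the function names are mine.

```python
import sqlite3

# Constructed sample records; nothing here comes from a real system.
SAMPLE_USERS = [("alice", "wonderland"), ("bob", "builder")]


def make_db():
    """In-memory database with a two-column users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_concat(conn, name, password):
    """Anti-pattern: the values become part of the SQL text, so a quote in the
    input changes the statement's structure instead of staying data."""
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return [row[0] for row in conn.execute(sql)]


def login_param(conn, name, password):
    """Hardened form: '?' placeholders bind the values separately from the SQL,
    so whatever the input contains is compared as a string, never parsed."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def demo():
    """Run both forms with a quote-bearing password and a correct one."""
    conn = make_db()
    quoted_input = "' OR '1'='1"            # a string containing a quote
    return {
        "concat_quoted": login_concat(conn, "alice", quoted_input),
        "param_quoted": login_param(conn, "alice", quoted_input),
        "param_correct": login_param(conn, "alice", "wonderland"),
    }
```

With the concatenated query the quote-bearing input rewrites the WHERE clause and every row comes back; with the bound parameter it is just a wrong password.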

I think you come across far fewer hyphens these days... I think people are comfortable just stringing words together, and so that has emerged as the de-facto standard. myspace, youtube, facebook, etc. A quick look at the alexa top 100 shows only one hyphen in the whole bunch.

Waiting to see how many non-Linux types try this and get in trouble. It's not a good idea to change permissions on sh. All other apps you run on your phone that use sh are now running as root [:)]
I would be very scared of this setup.
Going to enjoy this

It's apparently weirder than that. Running "telnetd" as an ordinary user apparently allows remote logins as root. This happens even though the "telnetd" executable does not apparently come with permissions set-UID to root. If that's correct, there's a security hole somewhere else that's being used by accident here. Is "login" a set-UID program on Android phones?

(As a robotics guy, I hate the name "Android" being used for a telephone. It's the worst choice since "U.S. Robotics" which ended up as a modem company.)

Just about everyone in the robotics community calls them humanoid robots anyway. "Android" and "droid" are pretty much confined to sci-fi, and by the time we have real androids, I'm pretty sure this phone OS will be a thing of the past. Sure, Ishiguro's current work in this area is pretty interesting, but even those robots are only mistaken for humans from a distance, and they aren't mobile.

Maybe, but I've worked in places that needed *more* bureaucracy. Then again, one of those was the place where we had to upgrade the comms because the construction workers were wasting too many chargeable hours downloading their daily porn. Just one written 'No porn in the workplace' document would have been nice.

I've found that the most powerful "no porn in the workplace" document is a letter of termination for creating an inappropriately uncomfortable or hostile work environment. Nobody who receives such a letter ever checks porn from the company's computers again, and most of their coworkers don't either.

Seriously, it's at least KIND OF a deal. First, there was no terminal of any sort on an Android phone since I got mine Oct. 20th. So ~16 days from my receiving it to getting a root terminal. The pTerminal program is in many ways useless, as it's a really crappy terminal. But this is just what the doctor ordered.

Now, as I understand it the bootloader on the phone is encrypted or some such thing, so installing your own firmware is probably tivo-lockedout, but I'm not sure at all. I know android's

On a single-user device, the account you use is often root. Telnet typically has to run initially as root in order to listen on port 23. It then normally drops privs to the user who logs in. If the intent of the application wasn't to allow root access, then there's a bug in the telnet daemon. On a single-user device which is likely running in single-user mode, I'm not surprised it's easy to have a shell as root, though. I would expect this system they've been calling wide open to be, well, wide open.

Android does NOT run everything as root. They have a security model that uses separate user ids for many things, and root for almost nothing.
When you start the telnetd, it is as a non-root user, and the telnetd is not setuid. However, when you connect to the telnetd from a telnet client, you get a root shell. Something extremely weird and/or broken seems to be going on in there.

It's not setuid if it runs as root and has the privs of root. In fact, not setting the uid would be the issue (if there's actually any problem with a device's owner having access to his device's administration).

The point of this exploit isn't so you can remotely hack other people's phones, it's so mobile hackers can get to a lower level than Android permits users to do, which will allow them to flash the phone with unsigned custom updates and what not and customise their phone more.

Seriously... it makes the news when a device is rooted that you OWN? I mean, isn't that the point of owning a device? That you can do whatever you want with it? Else it is not sold but leased. If they say they sold it, but do not give you root access, to me that is deliberate fraud and should be followed by a billion-dollar class-action lawsuit to sue them out of business.

You can install Android on the Nokia N800/N810, if you want. A phone-less G1 wouldn't be $100 BTW, as there'd be no reason for a phone company to subsidize it. An unsubsidized G1 is around the $400 mark, so you'd be looking at something closer to $300 for a phone-less G1.

Because the phone capabilities and the applications are all it has going for it right now. When it comes to things like video and music the G1 is nearly incompetent right now, and that seriously kneecaps its chances of competing with the iPod touch.